Steganography Wing

of the

Gallery of CSS Descramblers

Steganography is the art of hiding a secret message inside another
message.

It is not the study of stegosauruses. It doesn't even have the
same root ("stega" vs. "stego"), although as reader Peter Ecker was
kind enough to point out, stega ("covered") and stego
("roof") are semantically related. Please forgive the pun.

This gif file contributed by Robert de Bath, contains a
surprise inside. Mr. Bath writes: "There are two tiny facts about
GIF files and ZIP files you might like to know about: GIF files have
their length defined at the start of the file; any bytes after are
ignored. ZIP files have a table at the end; anything at the start of
the file is ignored. The result is that a file can be both a GIF and
a ZIP, just change the extension."

Click to view full image.
Joshua Shagam at NMSU created this very clever image of some C source
code. This is not the code for DeCSS. But if you compile the code in
the image and then feed it a raw pnm version of the image file as
input, you'll get a surprise. (The DeCSS source is encoded in the low
order bit of every byte in the image.)

This prime
number, found by Phil
Carmody, encodes the gzipped source
of the anonymous C decryption code (minus the tables). Phil has some
information about this here The number
is listed in the registry of "interesting
primes" maintained by Professor Chris Caldwell of
the department of Mathematics, University of Tennessee at Martin. The
prime is interesting, first, because it is over 1000 digits with no
easily-provable form, and second, because as an encoding of DeCSS, it
is the first known illegal
prime: its publication is prohibited under the Digital Millenium
Copyright Act. Read more about it at tbtf.com or The
Register. A Perl program
for extracting the source from this prime number was
contributed by Jamie McCarthy,

Phil Carmody subsequently created the first non-trivial executable prime, an
implementation of Hannum's efdtt.c for the Intel architecture. For
more information, see Tom Greene's article
in The Register. Here's the official Prime
Curios entry.

Here is the source of efdtt.c, the
434 character C decryption program, embedded in a photograph of MPAA
president Jack Valenti. The embedding was done with Xerox DataGlyphs technology. You can
read more about DataGlyphs in this article from the March
2001 issue of IEEE Computer. Contributed by Tim Scott.

Benot Rouits writes:
"X-Faces are ASCII icons intended to show in low-quality the face
of an e-mail author... Most Unix mailreaders and Mac ones handle
X-face headers... *Anyway*, the purpose of this thumbnail was for me a
mean to express a kind of personification of efdtt.c since it can be
now seen as a *face*... More informaton about X-Face header can be
found here:http://www.dairiki.org/xface."

This is a Unix shell script (/bin/sh) containing
the following sequence of commands: for DVDs
in Linux screw the MPAA and ; do dig $DVDs.z.zoy.org ; done | perl -ne
's/\.//g; print pack("H224",$1) if(/^x([^z]*)/)' | gunzip.
Explanation: a hex dump of the gzipped css-auth code was used
to generate a bunch of host names in a DNS server. (DNS, or Domain
Name Service, is how host names get mapped to IP addresses.) The
dig command is used to query the server and extract the
entries; the rest of the commands reformat the output to recover the C
source code. This code comes from Samuel Hocevar's
42 Ways to Distribute DeCSS.

css_descramble.c as a 43,016 base pair DNA sequence, contributed by Joerg Dietrich, who says:
"Maybe somebody with a local copy of the Human Genome Project database
on his personal supercomputer can find this sequence in our genetical
information. This would mean nearly 6 billion lawbreakers on this
planet." The encoding is a simple substitution cipher, produced by this Perl code.

This actual board from
a run of Swine
Keeper (an open source, GPL'ed implementation the popular
Minesweeper game) is also an encoding of the ASCII source of Charles
Hannum's efdtt.c program.
Skeptical? Here are the mines. The
encoding is left as an exercise for the reader, but if you don't feel
like guessing, you can find the answer here. Thanks to anonymous contributor
Blat Froop.

Here is css_descramble.c encoded as
a collection of seemingly
random lines drawn from the text of the Digital Millenium
Copyright Act. It was contributed by Sham Gardner. Each byte of
the original source has been used as an index into an array of unique,
non-blank text lines. Basically, it's a one-to-many substitution
cipher. You can read more about this encoding technique and download
the Perl code from Sham's page.

Here's a page of search engine
queries courtesy of Cameron
Miller. Click on any link to search for DeCSS. So the page is
really a list of links to lists of links. But wait -- are you really
two mouse clicks away from having the DeCSS "virus" infect your
computer? What's that thing in the page's META tag? (Select "View
Source" in your browser to see the META tag.) Whoops! There it
is!

Trojan Cow is a scheme for
distributing the DeCSS source by embedding it in image files that
become part of official government document collections, such as the
set of comments submitted to the Librarian of Congress concerning the
DMCA. There are actually two cows involved, and the technique for
recovering the code is a secret (hence, presumably protected by the
DMCA.) Contributed by Karl O. Pinc.

Rene S. Hollan contributed
this example of self-documenting
steganography: the source of css-descramble.c is encoded in the
patterns of spaces between words, while the words themselves explain the
encoding! Sample text: "Consider a file
format where data
modulates non-leading and
non-trailing spaces between
non-space tokens of
a plain text
file...." The C++ source for the encoding and
decoding programs is included in this gzipped
tar file.

This ASCII art
encoding of the css_descramble.c source file contains nothing but
pound signs (#), spaces, and carriage returns. It's another example
of human-readable source code that is not readable by a C compiler.
Contributed by Nicolas
Ribot.

Here is a typo-laden
transcript of day 6 of the New York DVD trial. We're talking a
lot of typos here. In fact, there seems to be a typo about every 17
characters. The typos encode the text of css_descramble.c. The encoding/decoding
program can be found here, and the uncorrupted
source for the transcript here.
(Contributed by Scott A. Crosby.)

-----BEGIN PGP MESSAGE----- An encrypted copy of css_descramble.c,
produced by GNU Privacy Guard (GPG).
To decrypt it, you need to know that the secret pass phrase is
"speechiscode". Under what circumstances would the encrypted file be legal to publish?
(Contributed by Scott A. Crosby.)

Zebra label barblocks, contributed by Lion J Templin. Type PDF417
barblocks, coded in ZPL for a Zebra commercial label printer, can hold
just over 1024 bytes. Three labels slapped on an envelope can send
DeCSS around the world. For the full story on this encoding, see
Lion's barblock
page.

This scan of a six-page preliminary injunction
issued in the California DeCSS case contains two identical copies of the 32-entry
color palette. Whether the ith byte of the image is encoded using
palette 0 or palette 1 depends on the ith bit of decss.zip.
Contributed by Russell Nelson. All six
pages of the injunction can be found
here.

This Commodore 64 audio
tape file was contributed by John Mildham, who writes:
"If you know it, you remember the squeaky tape-noises of a
Commodore 64 program on cassette. Well there are programs that can
convert C64-tapes (wavs) to programs and vice versa. I used
... wav-prg to make a C64 version of the Decss routine (simply
renaming decss.c to decss.prg and making a wav from it with the
program) ... simply convert the WAV-file back later to its .prg form
and rename it to .C ;) The included WAV-file is 8 Bit 44.1 khz."
Decoding program available here.